Fixed covscan issues

Resolves: #1938755 Version: 3.5.1-4
2021-05-11 07:43:15 +02:00 · 2021-05-11 07:43:15 +02:00 · 4daa3481e5
commit 4daa3481e5
parent ac0519955a
2 changed files with 44 additions and 1 deletions
--- a/libarchive-3.5.1-fix-covscan-rhel-9.patch
+++ b/libarchive-3.5.1-fix-covscan-rhel-9.patch
@ -0,0 +1,38 @@
+From 2722f5afe48a9a4089d41f75ec65d090934cfa52 Mon Sep 17 00:00:00 2001
+From: Ondrej Dubaj <odubaj@redhat.com>
+Date: Tue, 11 May 2021 07:39:57 +0200
+Subject: [PATCH] - Fixed double free when calling lzx_huffman_init frees
+ pointer ds - Fixed leak of rar before ending with error
+
+---
+ libarchive/archive_read_support_format_cab.c  | 1 -
+ libarchive/archive_read_support_format_rar5.c | 1 +
+ 2 files changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_cab.c b/libarchive/archive_read_support_format_cab.c
+index 43738b5..950f3d2 100644
+--- a/libarchive/archive_read_support_format_cab.c
+++ b/libarchive/archive_read_support_format_cab.c
+@@ -2110,7 +2110,6 @@ lzx_decode_init(struct lzx_stream *strm, int w_bits)
+ 		ds->pos_tbl = malloc(sizeof(ds->pos_tbl[0]) * w_slot);
+ 		if (ds->pos_tbl == NULL)
+ 			return (ARCHIVE_FATAL);
+-		lzx_huffman_free(&(ds->mt));
+ 	}
+ 
+ 	for (footer = 0; footer < 18; footer++)
+diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c
+index 58a61d1..5d62d16 100644
+--- a/libarchive/archive_read_support_format_rar5.c
+++ b/libarchive/archive_read_support_format_rar5.c
+@@ -4076,6 +4076,7 @@ int archive_read_support_format_rar5(struct archive *_a) {
+ 	if(ARCHIVE_OK != rar5_init(rar)) {
+ 		archive_set_error(&ar->archive, ENOMEM,
+ 		    "Can't allocate rar5 filter buffer");
+		free(rar);
+ 		return ARCHIVE_FATAL;
+ 	}
+ 
+-- 
+2.30.2
+
--- a/libarchive.spec
+++ b/libarchive.spec
@ -2,13 +2,15 @@

 Name:           libarchive
 Version:        3.5.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        A library for handling streaming archive formats

 License:        BSD
 URL:            https://www.libarchive.org/
 Source0:        https://libarchive.org/downloads/%{name}-%{version}.tar.gz

+Patch0:         libarchive-3.5.1-fix-covscan-rhel-9.patch
+
 BuildRequires:  automake
 BuildRequires:  bison
 BuildRequires:  bzip2-devel
@ -211,6 +213,9 @@ run_testsuite


 %changelog
+* Mon May 10 2021 Ondrej Dubaj <odubaj@redhat.com> - 3.5.1-4
+- Fixed covscan issues (#1938755)
+
 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.5.1-3
 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937